
Re: link failover

guilgamesh70 wrote:

Cedric Berger wrote:

guilgamesh70 wrote:

Hi group,
I have this situation

                         +          +------- IPSec link
Internal network --------+ Obsd Box +
                         +          +------- Private link

where I would like to failover the private link over the ipsec link.
I get confused with routing.
Should I use cron to test next hops availability + dynamic pf changes or ospf (two ends will be openbsd boxes)?
Any suggestion would be highly appreciated.

Thanks in advance.

Does the Obsd Box handle the IPSec VPN itself or is it a separate box?

Cedric

Yes, the obsd will handle the ipsec vpn. That's why I have some trouble at the routing level.

Yep, I can understand the problem now. I don't know ospf, but I strongly doubt it will handle that case. So you're left with a cron job I guess. IPSEC comes before routing, so if you add/remove the flows with your script (and ipsecadm), this will work without touching PF.

Personally, I think this is such a pain that I would try to get two boxes to split the VPN and failover capabilities. Maybe someone else has a better idea?

Cedric
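
The cron-job approach suggested in the reply above, sketched as an added example that is not part of the original thread: it probes the private link's next hop and adds or removes the IPsec flow only after several consecutive probes disagree with the current mode, so a flapping link does not churn the flows. The peer address, state file path, threshold and the `FLOW_ADD`/`FLOW_DEL` commands are all assumptions; the last two stand in for your own `ipsecadm` flow commands.

```shell
#!/bin/sh
# Added example: cron-driven failover from the private link to the IPsec flow.
# Every value below is a constructed placeholder, not taken from the thread.
PEER="${PEER:-192.0.2.1}"                    # far end of the private link
STATE="${STATE:-/var/run/linkfail.state}"    # holds "<mode> <streak>"
THRESHOLD="${THRESHOLD:-3}"                  # consecutive probes before switching
# Stand-ins for your own ipsecadm flow add/delete invocations (assumption).
FLOW_ADD="${FLOW_ADD:-echo would-add-ipsec-flow}"
FLOW_DEL="${FLOW_DEL:-echo would-delete-ipsec-flow}"

# probe: print "up" or "down" for the private link's next hop.
probe() {
    if ping -c 1 -w 2 "$PEER" >/dev/null 2>&1; then echo up; else echo down; fi
}

# step RESULT: feed one probe result ("up" or "down"), print the action taken
# ("none", "failover" or "failback"). Mode and streak persist in $STATE.
step() {
    mode=private; streak=0; action=none
    if [ -f "$STATE" ]; then read mode streak < "$STATE"; fi
    # The streak counts probes that contradict the active mode.
    case "$mode:$1" in
        private:up|ipsec:down) streak=0 ;;
        *) streak=$((streak + 1)) ;;
    esac
    if [ "$streak" -ge "$THRESHOLD" ]; then
        # Switch only if the flow command succeeds; otherwise retry next run.
        if [ "$mode" = private ]; then
            $FLOW_ADD >&2 && { mode=ipsec; action=failover; streak=0; }
        else
            $FLOW_DEL >&2 && { mode=private; action=failback; streak=0; }
        fi
    fi
    echo "$mode $streak" > "$STATE"
    echo "$action"
}

# From cron: /path/to/this-script run
if [ "${1:-}" = run ]; then step "$(probe)"; fi
```

Because the flow is removed while the private link is healthy, traffic then follows the normal routing table, which matches the "IPSEC comes before routing" point in the reply.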